Apply suggestions

jenkinsci · Sep 2, 2024 · 7cfbcf9 · 7cfbcf9
1 parent ac188a0
commit 7cfbcf9
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 15 deletions.
diff --git a/src/main/java/org/jenkinsci/test/acceptance/po/OicAuthSecurityRealm.java b/src/main/java/org/jenkinsci/test/acceptance/po/OicAuthSecurityRealm.java
@@ -20,7 +20,7 @@ public void setAutomaticConfiguration(String wellKnownEndpoint) {
         control("wellKnownOpenIDConfigurationUrl").set(wellKnownEndpoint);
     }
 
-    public void logoutFromOpenidProvider(boolean logout) {
+    public void setLogoutFromOpenidProvider(boolean logout) {
         Control check = control(by.checkbox("Logout from OpenID Provider"));
         if (logout) {
             check.check();

diff --git a/src/main/java/org/jenkinsci/test/acceptance/utils/keycloack/KeycloakUtils.java b/src/main/java/org/jenkinsci/test/acceptance/utils/keycloack/KeycloakUtils.java
@@ -5,7 +5,6 @@
 import org.jenkinsci.test.acceptance.po.CapybaraPortingLayerImpl;
 import org.jenkinsci.test.acceptance.utils.ElasticTime;
 import org.openqa.selenium.WebDriver;
-import org.openqa.selenium.WebElement;
 import jakarta.inject.Inject;
 
 public class KeycloakUtils extends CapybaraPortingLayerImpl {
@@ -35,7 +34,7 @@ public void login(String user, String passwd) {
     }
 
 
-    public User getUser(String keycloakUrl, String realm) {
+    public User getCurrentUser(String keycloakUrl, String realm) {
         driver.get(String.format("%s/realms/%s/account", keycloakUrl, realm));
 
         waitFor(by.id("username"), 5);

diff --git a/src/test/java/plugins/OicAuthPluginTest.java b/src/test/java/plugins/OicAuthPluginTest.java
@@ -102,7 +102,7 @@ private void configureOIDCProvider() throws Exception {
 
             // Users
             UserRepresentation bob = new UserRepresentation();
-            bob.setEmail("bob@acme.org");
+            bob.setEmail("bob@jenkins-ath.test");
             bob.setUsername("bob");
             bob.setFirstName("Bob");
             bob.setLastName("Smith");
@@ -117,7 +117,7 @@ private void configureOIDCProvider() throws Exception {
             theRealm.users().create(bob);
 
             UserRepresentation john = new UserRepresentation();
-            john.setEmail("john@acme.org");
+            john.setEmail("john@jenkins-ath.test");
             john.setUsername("john");
             john.setFirstName("John");
             john.setLastName("Smith");
@@ -171,17 +171,24 @@ private void configureRealm() {
         OicAuthSecurityRealm securityRealm = sc.useRealm(OicAuthSecurityRealm.class);
         securityRealm.configureClient(CLIENT, CLIENT);
         securityRealm.setAutomaticConfiguration(String.format("%s/realms/%s/.well-known/openid-configuration", keycloakUrl, REALM));
-        securityRealm.logoutFromOpenidProvider(true);
+        securityRealm.setLogoutFromOpenidProvider(true);
         securityRealm.setPostLogoutUrl(jenkins.url("OicLogout").toExternalForm());
         securityRealm.setUserFields(null, null, null, "groups");
         sc.useAuthorizationStrategy(LoggedInAuthorizationStrategy.class);
         sc.save();
     }
 
+    /**
+     * Test the login and logout in Jenkins and how it is propagated to the OIDC Provider
+     * - A login in Jenkins will redirect to the provider login page, so the user will be logged in as well in keycloak
+     * - A logout in Jenkins will apply only to Jenkins or will be propagated to the provider (keycloak here) depending
+     *   on the value of the property Lout from openid provider in the Security Realm configuration. For this test,
+     *   it'll be propagated
+     */
     @Test
-    public void fromJenkinsToKeycloak() {
-        final KeycloakUtils.User bob = new KeycloakUtils.User(userBobKeycloakId, "bob", "bob@acme.org", "Bob", "Smith");
-        final KeycloakUtils.User john = new KeycloakUtils.User(userJohnKeycloakId, "john", "john@acme.org", "John", "Smith");
+    public void loginAndLogoutInJenkinsIsReflectedInKeycloak() {
+        final KeycloakUtils.User bob = new KeycloakUtils.User(userBobKeycloakId, "bob", "bob@jenkins-ath.test", "Bob", "Smith");
+        final KeycloakUtils.User john = new KeycloakUtils.User(userJohnKeycloakId, "john", "john@jenkins-ath.test", "John", "Smith");
         jenkins.open();
 
         jenkins.clickLink("log in");
@@ -192,18 +199,25 @@ public void fromJenkinsToKeycloak() {
         jenkins.open();
         assertLoggedOut();
 
-        // logout from Jenkins does mean logout from keycloak
+        // As the option Logout from Openid Provider is set to true, a logout from Jenkins means a logout from Keycloak
+        // so the login page will appear again
         jenkins.open();
 
         clickLink("log in");
         keycloakUtils.login(john.getUserName());
         assertLoggedUser(john, "jenkinsRead");
     }
 
+    /**
+     * Test the login and logout in the OIDC provider and how it is propagated to Jenkins
+     * - A login in the provider will be detected by the plugin so Jenkins won't prompt the login form
+     * - A logout in the provider will redirect to the Jenkins logout action (configured in keycloak) so the user
+     *   will log out from Jenkins as well
+     */
     @Test
-    public void fromKeycloakToJenkins() throws Exception {
-        final KeycloakUtils.User bob = new KeycloakUtils.User(userBobKeycloakId, "bob", "bob@acme.org", "Bob", "Smith");
-        final KeycloakUtils.User john = new KeycloakUtils.User(userJohnKeycloakId, "john", "john@acme.org", "John", "Smith");
+    public void loginAndLogoutInKeycloakIsReflectedInJenkins() throws Exception {
+        final KeycloakUtils.User bob = new KeycloakUtils.User(userBobKeycloakId, "bob", "bob@jenkins-ath.test", "Bob", "Smith");
+        final KeycloakUtils.User john = new KeycloakUtils.User(userJohnKeycloakId, "john", "john@jenkins-ath.test", "John", "Smith");
         final String loginUrl = String.format("%s/realms/%s/account", keycloak.getAuthServerUrl(), REALM);
         keycloakUtils.open(new URL(loginUrl));
 
@@ -229,7 +243,7 @@ private void assertLoggedOut() {
         assertNull("User has logged out from Jenkins", jenkins.getCurrentUser().id());
 
         assertThrows("User has logged out from keycloak", NoSuchElementException.class,
-                     () -> keycloakUtils.getUser(keycloak.getAuthServerUrl(), REALM));
+                     () -> keycloakUtils.getCurrentUser(keycloak.getAuthServerUrl(), REALM));
     }
 
     private void assertLoggedUser(KeycloakUtils.User expectedUser, String roleToCheck) {
@@ -244,7 +258,7 @@ private void assertLoggedUser(KeycloakUtils.User expectedUser, String roleToChec
                 .replace("\"", "")).collect(Collectors.toSet());
         assertThat("User has the expected roles inherited from keycloak", roleToCheck, is(in(allLiTagsInPage)));
 
-        KeycloakUtils.User fromKeyCloak = keycloakUtils.getUser(keycloak.getAuthServerUrl(), REALM);
+        KeycloakUtils.User fromKeyCloak = keycloakUtils.getCurrentUser(keycloak.getAuthServerUrl(), REALM);
         assertThat("User has logged in keycloack", fromKeyCloak.getUserName(), is(expectedUser.getUserName()));
         assertThat("User has logged in keycloack", fromKeyCloak.getEmail(), is(expectedUser.getEmail()));
         assertThat("User has logged in keycloack", fromKeyCloak.getFirstName(), is(expectedUser.getFirstName()));